Noupe.com has posted several tips of things you can do to help secure your website and its information.
These "loose ends" are what hackers are looking for, and in PHP, they're not that hard to find. The key is for you to find them first, and to leverage PHP's unique features to minimize your security vulnerability. [...] PHP Security involves minimizing programming errors as much as possible, and putting proper code in place to protect against possible vulnerabilities.
They talk about common types of attacks, some of the PHP-related settings and features that could cause issues (register_globals, bad error reporting levels), and three security tools you can use to get you on the road to safety: PhpSecInfo, PHP Security Scanner and the Spike PHP Security Audit Tool.